Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kE9xtVa-1-I9UctxLdBTD1u14v4.roa
File:                     kE9xtVa-1-I9UctxLdBTD1u14v4.roa (raw, json)
Hash identifier:          U/CLd/Bxgmp5OHM40cdCE7cCaQEzTeKgd23Zi16Mdus=
Subject key identifier:   90:4F:71:B5:56:BE:D7:E2:3D:51:CB:71:2D:D0:53:0F:5B:B5:E2:FE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018489DB0A0461D28C3674E17B40E2360BDA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kE9xtVa-1-I9UctxLdBTD1u14v4.roa
Signing time:             Fri 18 Nov 2022 08:29:04 +0000
ROA not before:           Fri 18 Nov 2022 08:29:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        62.76.231.0/24 maxlen: 24
                          194.87.115.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          194.87.26.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          195.133.12.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          192.124.172.0/24 maxlen: 24
                          192.124.178.0/24 maxlen: 24
                          212.193.3.0/24 maxlen: 24
                          193.124.205.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:89:db:0a:04:61:d2:8c:36:74:e1:7b:40:e2:36:0b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 18 08:29:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=904f71b556bed7e23d51cb712dd0530f5bb5e2fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:50:31:c0:7b:1d:07:a4:9d:a6:44:1b:fb:d8:
                    ee:e6:97:fd:db:4b:1d:d3:8f:45:9b:f0:c2:93:3f:
                    dd:75:1d:03:69:1c:ca:2f:75:6e:8a:48:7f:e9:e0:
                    37:d1:c1:58:9d:df:8c:10:a3:78:03:38:23:33:88:
                    36:28:93:75:fa:d8:ce:ec:04:2a:e0:5a:63:82:ae:
                    68:2b:31:ba:9c:64:40:dc:58:2a:8e:b1:15:bd:bf:
                    0d:44:3b:f4:d6:56:69:44:ec:c7:c6:d4:7e:69:7f:
                    0c:9b:29:e4:72:40:a5:ad:fe:06:65:ba:03:be:ed:
                    23:4d:3a:f2:e6:d3:ee:f6:cc:b8:48:c6:76:78:fb:
                    0e:5d:e3:78:aa:e5:61:84:5d:17:b0:f6:b2:dd:b5:
                    3b:14:9b:b0:21:9d:72:c4:91:c1:a6:11:d7:9a:f2:
                    04:9b:02:3e:b8:d6:c2:98:6e:46:05:5e:82:a3:e5:
                    a7:bd:6b:fe:9f:b8:d2:5b:92:84:dc:5f:79:bd:dd:
                    f7:20:0a:25:94:a6:ac:c6:f8:f0:40:17:0c:68:65:
                    7b:16:74:3f:7b:e1:68:01:b5:0d:28:9f:22:07:09:
                    fd:e9:74:6e:17:19:30:46:5d:40:49:e0:88:45:09:
                    3f:93:55:b4:6d:22:a0:2d:f7:6f:20:66:14:b2:49:
                    d3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4F:71:B5:56:BE:D7:E2:3D:51:CB:71:2D:D0:53:0F:5B:B5:E2:FE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kE9xtVa-1-I9UctxLdBTD1u14v4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.231.0/24
                  192.124.172.0/24
                  192.124.178.0/24
                  193.124.205.0/24
                  194.87.26.0/24
                  194.87.115.0/24
                  194.135.18.0/24
                  195.133.12.0/24
                  195.133.15.0/24
                  212.192.208.0/24
                  212.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:77:2b:2e:77:52:c1:23:13:1e:99:98:36:43:ec:bd:08:24:
         f7:c7:8d:de:ce:0a:1f:5c:a0:2e:1b:2f:f5:4e:d2:11:a9:c7:
         d5:25:3c:77:c6:b0:f1:86:f7:c9:e8:bf:06:00:d0:94:ed:cb:
         b2:57:95:26:27:62:73:e7:f5:1f:13:42:b2:24:bd:fd:ec:6a:
         38:a8:7a:60:fd:fb:16:5e:78:00:9f:cf:a8:5b:0d:a5:97:d5:
         e3:bc:fa:99:70:ad:b4:bb:f1:f3:86:32:0b:c0:66:a6:ff:b2:
         0a:1e:ec:0c:e4:26:e6:13:59:ba:69:f2:06:44:df:4b:21:24:
         aa:c2:09:a0:56:45:d3:53:32:b3:dc:30:9c:e8:48:02:b6:6f:
         15:e8:5d:12:ee:95:8a:b6:39:37:c4:63:9a:4f:d6:cc:a6:20:
         3f:d0:a6:7f:33:d2:bf:63:3e:e2:3d:19:c5:3e:0d:86:11:28:
         28:6c:3e:40:7d:67:15:d5:85:0d:bd:a2:da:d8:c7:af:3b:79:
         98:9f:a9:b4:ca:bc:8a:67:5c:7e:5d:65:9f:35:ae:18:f2:75:
         68:b5:99:49:c8:be:f4:b6:a9:5f:6b:62:6e:72:cf:d7:59:1b:
         80:5a:b4:e2:8f:ad:b5:9a:ad:1d:62:87:58:33:06:11:be:90:
         06:bc:ab:74
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYSJ2woEYdKMNnThe0DiNgvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTE4MDgyOTA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRmNzFiNTU2YmVkN2UyM2Q1MWNiNzEyZGQwNTMwZjViYjVlMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVAxwHsdB6SdpkQb+9ju5pf920sd
049Fm/DCkz/ddR0DaRzKL3Vuikh/6eA30cFYnd+MEKN4AzgjM4g2KJN1+tjO7AQq
4Fpjgq5oKzG6nGRA3FgqjrEVvb8NRDv01lZpROzHxtR+aX8MmynkckClrf4GZboD
vu0jTTry5tPu9sy4SMZ2ePsOXeN4quVhhF0XsPay3bU7FJuwIZ1yxJHBphHXmvIE
mwI+uNbCmG5GBV6Co+WnvWv+n7jSW5KE3F95vd33IAollKasxvjwQBcMaGV7FnQ/
e+FoAbUNKJ8iBwn96XRuFxkwRl1ASeCIRQk/k1W0bSKgLfdvIGYUsknT8wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFJBPcbVWvtfiPVHLcS3QUw9bteL+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEva0U5eHRWYS0xLUk5VWN0eExkQlREMXUxNHY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAPkznAwQA
wHysAwQAwHyyAwQAwXzNAwQAwlcaAwQAwldzAwQAwocSAwQAw4UMAwQAw4UPAwQA
1MDQAwQA1MEDMA0GCSqGSIb3DQEBCwUAA4IBAQCKdysud1LBIxMemZg2Q+y9CCT3
x43ezgofXKAuGy/1TtIRqcfVJTx3xrDxhvfJ6L8GANCU7cuyV5UmJ2Jz5/UfE0Ky
JL397Go4qHpg/fsWXngAn8+oWw2ll9XjvPqZcK20u/HzhjILwGam/7IKHuwM5Cbm
E1m6afIGRN9LISSqwgmgVkXTUzKz3DCc6EgCtm8V6F0S7pWKtjk3xGOaT9bMpiA/
0KZ/M9K/Yz7iPRnFPg2GESgobD5AfWcV1YUNvaLa2MevO3mYn6m0yryKZ1x+XWWf
Na4Y8nVotZlJyL70tqlfa2Jucs/XWRuAWrTij621mq0dYodYMwYRvpAGvKt0
-----END CERTIFICATE-----